
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="zh_Hans">
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Django 1.5.5 版本发行说明 &#8212; Django 3.2.11.dev 文档</title>
    <link rel="stylesheet" href="../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
    <script type="text/javascript" src="../_static/jquery.js"></script>
    <script type="text/javascript" src="../_static/underscore.js"></script>
    <script type="text/javascript" src="../_static/doctools.js"></script>
    <script type="text/javascript" src="../_static/language_data.js"></script>
    <link rel="index" title="索引" href="../genindex.html" />
    <link rel="search" title="搜索" href="../search.html" />
    <link rel="next" title="Django 1.5.4 版本发行说明" href="1.5.4.html" />
    <link rel="prev" title="Django 1.5.6 版本发行说明" href="1.5.6.html" />



 
<script src="../templatebuiltins.js"></script>
<script>
(function($) {
    if (!django_template_builtins) {
       // templatebuiltins.js missing, do nothing.
       return;
    }
    $(document).ready(function() {
        // Hyperlink Django template tags and filters
        var base = "../ref/templates/builtins.html";
        if (base == "#") {
            // Special case for builtins.html itself
            base = "";
        }
        // Tags are keywords, class '.k'
        $("div.highlight\\-html\\+django span.k").each(function(i, elem) {
             var tagname = $(elem).text();
             if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
                 var fragment = tagname.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
             }
        });
        // Filters are functions, class '.nf'
        $("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
             var filtername = $(elem).text();
             if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
                 var fragment = filtername.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
             }
        });
    });
})(jQuery);</script>

  </head><body>

    <div class="document">
  <div id="custom-doc" class="yui-t6">
    <div id="hd">
      <h1><a href="../index.html">Django 3.2.11.dev 文档</a></h1>
      <div id="global-nav">
        <a title="Home page" href="../index.html">Home</a>  |
        <a title="Table of contents" href="../contents.html">Table of contents</a>  |
        <a title="Global index" href="../genindex.html">Index</a>  |
        <a title="Module index" href="../py-modindex.html">Modules</a>
      </div>
      <div class="nav">
    &laquo; <a href="1.5.6.html" title="Django 1.5.6 版本发行说明">previous</a>
     |
    <a href="index.html" title="发行说明" accesskey="U">up</a>
   |
    <a href="1.5.4.html" title="Django 1.5.4 版本发行说明">next</a> &raquo;</div>
    </div>

    <div id="bd">
      <div id="yui-main">
        <div class="yui-b">
          <div class="yui-g" id="releases-1.5.5">
            
  <div class="section" id="s-django-1-5-5-release-notes">
<span id="django-1-5-5-release-notes"></span><h1>Django 1.5.5 版本发行说明<a class="headerlink" href="#django-1-5-5-release-notes" title="永久链接至标题">¶</a></h1>
<p><em>October 23, 2013</em></p>
<p>Django 1.5.5 fixes a couple security-related bugs and several other bugs in the
1.5 series.</p>
<div class="section" id="s-readdressed-denial-of-service-via-password-hashers">
<span id="readdressed-denial-of-service-via-password-hashers"></span><h2>Readdressed denial-of-service via password hashers<a class="headerlink" href="#readdressed-denial-of-service-via-password-hashers" title="永久链接至标题">¶</a></h2>
<p>Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a
denial-of-service attack through submission of bogus but extremely large
passwords. In Django 1.5.5, we've reverted this change and instead improved
the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.</p>
</div>
<div class="section" id="s-properly-rotate-csrf-token-on-login">
<span id="properly-rotate-csrf-token-on-login"></span><h2>Properly rotate CSRF token on login<a class="headerlink" href="#properly-rotate-csrf-token-on-login" title="永久链接至标题">¶</a></h2>
<p>This behavior introduced as a security hardening measure in Django 1.5.2 did
not work properly and is now fixed.</p>
</div>
<div class="section" id="s-bugfixes">
<span id="bugfixes"></span><h2>漏洞修复<a class="headerlink" href="#bugfixes" title="永久链接至标题">¶</a></h2>
<ul class="simple">
<li>Fixed a data corruption bug with <code class="docutils literal notranslate"><span class="pre">datetime_safe.datetime.combine</span></code> (#21256).</li>
<li>Fixed a Python 3 incompatibility in <code class="docutils literal notranslate"><span class="pre">django.utils.text.unescape_entities()</span></code>
(#21185).</li>
<li>Fixed a couple data corruption issues with <code class="docutils literal notranslate"><span class="pre">QuerySet</span></code> edge cases under
Oracle and MySQL (#21203, #21126).</li>
<li>Fixed crashes when using combinations of <code class="docutils literal notranslate"><span class="pre">annotate()</span></code>,
<code class="docutils literal notranslate"><span class="pre">select_related()</span></code>, and <code class="docutils literal notranslate"><span class="pre">only()</span></code> (#16436).</li>
</ul>
</div>
<div class="section" id="s-backwards-incompatible-changes">
<span id="backwards-incompatible-changes"></span><h2>不向后兼容的变更<a class="headerlink" href="#backwards-incompatible-changes" title="永久链接至标题">¶</a></h2>
<ul class="simple">
<li>The undocumented <code class="docutils literal notranslate"><span class="pre">django.core.servers.basehttp.WSGIServerException</span></code> has
been removed. Use <code class="docutils literal notranslate"><span class="pre">socket.error</span></code> provided by the standard library instead.</li>
</ul>
</div>
</div>


          </div>
        </div>
      </div>
      
        
          <div class="yui-b" id="sidebar">
            
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
  <h3><a href="../contents.html">Table of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#">Django 1.5.5 版本发行说明</a><ul>
<li><a class="reference internal" href="#readdressed-denial-of-service-via-password-hashers">Readdressed denial-of-service via password hashers</a></li>
<li><a class="reference internal" href="#properly-rotate-csrf-token-on-login">Properly rotate CSRF token on login</a></li>
<li><a class="reference internal" href="#bugfixes">漏洞修复</a></li>
<li><a class="reference internal" href="#backwards-incompatible-changes">不向后兼容的变更</a></li>
</ul>
</li>
</ul>

  <h4>上一个主题</h4>
  <p class="topless"><a href="1.5.6.html"
                        title="上一章">Django 1.5.6 版本发行说明</a></p>
  <h4>下一个主题</h4>
  <p class="topless"><a href="1.5.4.html"
                        title="下一章">Django 1.5.4 版本发行说明</a></p>
  <div role="note" aria-label="source link">
    <h3>本页</h3>
    <ul class="this-page-menu">
      <li><a href="../_sources/releases/1.5.5.txt"
            rel="nofollow">显示源代码</a></li>
    </ul>
   </div>
<div id="searchbox" style="display: none" role="search">
  <h3>快速搜索</h3>
    <div class="searchformwrapper">
    <form class="search" action="../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="转向" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    </div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
              <h3>Last update:</h3>
              <p class="topless">12月 07, 2021</p>
          </div>
        
      
    </div>

    <div id="ft">
      <div class="nav">
    &laquo; <a href="1.5.6.html" title="Django 1.5.6 版本发行说明">previous</a>
     |
    <a href="index.html" title="发行说明" accesskey="U">up</a>
   |
    <a href="1.5.4.html" title="Django 1.5.4 版本发行说明">next</a> &raquo;</div>
    </div>
  </div>

      <div class="clearer"></div>
    </div>
  </body>
</html>